CVE-2019-13543

Summary

Medtronic Valleylab Exchange Client version 3.4 and below, Valleylab FT10 Energy Platform (VLFT10GEN) software version 4.0.0 and below, and Valleylab FX8 Energy Platform (VLFX8GEN) software version 1.1.0 and below use multiple sets of hard-coded credentials. If discovered, they can be used to read files on the device.

Affected Software

VendorProductVersion RangeStatus
MedtronicValleylab Exchange Client0 <= 3.4affected
MedtronicValleylab FT10 Energy Platform (VLFT10GEN)0 <= software version 4.0.0affected
MedtronicValleylab FX8 Energy Platform (VLFX8GEN)0 <= software version 1.1.0affected

Weaknesses

  • CWE-798: CWE-798 Use of Hard-coded Credentials

ADP Enrichment

CVE Program Container

Additional References

References